How to stop a hacked account in SM?
Question asked by rick - June 5 at 2:34 PM
Unanswered
I'm fairly new to SmarterMail (using mDaemon for many years).
I found an account got hacked and I have two questions.
1) The sender was sending from an account that did not exist on the local server. Doesn't SM check to make sure it's a valid account before accepting the email?
2) The sender was connecting from host  mail.viacompinc.com (EHLO string). Doesn't SM check to see if that's valid? Because mail.viacompinc.com resolves to the SM server... so it should know right away that's false.
Here's snip from log:
 
[2018.06.05] arsed using: <RobinHerman@viacompinc.com>
[2018.06.05] 13:44:03 [113.241.211.255][79919] rsp: 250 OK <RobinHerman@viacompinc.com> Sender ok
[2018.06.05] 13:44:07 [113.241.211.255][79919] cmd: MAIL FROM:<RobinHerman@viacompinc.com>
[2018.06.05] 13:44:07 [113.241.211.255][79919] senderEmail(1): RobinHerman@viacompinc.com parsed using: <RobinHerman@viacompinc.com>
[2018.06.05] 13:44:07 [113.241.211.255][79919] rsp: 250 OK <RobinHerman@viacompinc.com> Sender ok
[2018.06.05] 13:44:12 [113.241.211.255][79919] cmd: MAIL FROM:<RobinHerman@viacompinc.com>
[2018.06.05] 13:44:12 [113.241.211.255][79919] senderEmail(1): RobinHerman@viacompinc.com parsed using: <RobinHerman@viacompinc.com>
[2018.06.05] 13:44:12 [113.241.211.255][79919] rsp: 250 OK <RobinHerman@viacompinc.com> Sender ok
[2018.06.05] 13:44:35 [5.133.62.54][38239425] cmd: EHLO mail.viacompinc.com
[2018.06.05] 13:44:35 [5.133.62.54][38239425] Authenticating as tsmolyn@viacompinc.com
[2018.06.05] 13:44:35 [5.133.62.54][38239425] Authenticated as tsmolyn@viacompinc.com
[2018.06.05] 13:44:35 [5.133.62.54][38239425] cmd: MAIL FROM:<RobinHerman@viacompinc.com>
[2018.06.05] 13:44:35 [5.133.62.54][38239425] senderEmail(1): RobinHerman@viacompinc.com parsed using: <RobinHerman@viacompinc.com>
[2018.06.05] 13:44:35 [5.133.62.54][38239425] rsp: 250 OK <RobinHerman@viacompinc.com> Sender ok
[2018.06.05] 13:44:36 [5.133.62.54][38239425] senderEmail(2): robinherman@viacompinc.com parsed using: Robin Herman <RobinHerman@viacompinc.com>
[2018.06.05] 13:44:36 [5.133.62.54][38239425] Data transfer succeeded, writing mail to 12799391.eml (MessageID: <6F563F7F-EE91-4E67-B1D6-9ED6C735CBE4@viacompinc.com>)

Reply to Thread